{
"attributes": {
"columns": [
"agent.name",
"auditd.summary.how",
"auditd.summary.object.primary",
"auditd.summary.object.secondary",
"auditd.data.socket.family",
"event.action"
],
"description": "",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"key": "event.module",
"negate": false,
"params": {
"query": "auditd",
"type": "phrase"
},
"type": "phrase",
"value": "auditd"
},
"query": {
"match": {
"event.module": {
"query": "auditd",
"type": "phrase"
}
}
}
},
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
"key": "auditd.summary.object.type",
"negate": false,
"params": {
"query": "socket",
"type": "phrase"
},
"type": "phrase",
"value": "socket"
},
"query": {
"match": {
"auditd.summary.object.type": {
"query": "socket",
"type": "phrase"
}
}
}
},
{
"$state": {
"store": "appState"
},
"exists": {
"field": "auditd.summary.object.primary"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index",
"key": "auditd.summary.object.primary",
"negate": false,
"type": "exists",
"value": "exists"
}
},
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index",
"key": "query",
"negate": false,
"type": "custom",
"value": "{\"terms\":{\"auditd.data.syscall\":[\"accept\",\"accept4\",\"recvfrom\",\"recvmsg\"]}}"
},
"query": {
"terms": {
"auditd.data.syscall": [
"accept",
"accept4",
"recvfrom",
"recvmsg"
]
}
}
}
],
"highlightAll": true,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
"query": {
"language": "kuery",
"query": ""
},
"version": true
}
},
"sort": [
[
"@timestamp",
"desc"
]
],
"title": "Socket Accept / Recvfrom [Auditbeat Auditd] ECS",
"version": 1
},
"coreMigrationVersion": "8.0.0",
"id": "e8734160-c24c-11e7-8692-232bd1143e8a-ecs",
"migrationVersion": {
"search": "7.9.3"
},
"references": [
{
"id": "auditbeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern"
},
{
"id": "auditbeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern"
},
{
"id": "auditbeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
"type": "index-pattern"
},
{
"id": "auditbeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index",
"type": "index-pattern"
},
{
"id": "auditbeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index",
"type": "index-pattern"
}
],
"type": "search",
"updated_at": "2021-08-04T16:35:59.895Z",
"version": "WzQ5ODIsMV0="
}